Cybersecurity amendment: Police need a warrant to track you via GPS

As the Senate gears up for a battle over the Cybersecurity Act of 2012 — a bill set for a vote this week, after two years of debate over its contents — the amendments are pouring in. The latest: A provision from Sen. Ron Wyden (D-OR) that would require law enforcement to receive a warrant before obtaining GPS location data from a citizen’s cellphone or other personal electronics, reports The Hill. Wyden is expected to officially introduce the amendment later today.

Dubbed the Geolocation Privacy and Surveillance Act, or “GPS Act,” the bill would explicitly require police to obtain a warrant before tracking a person’s GPS-enabled device, or gathering that information from companies. It would also provide clear ground rules for how companies must respond to police requests for such data.

To obtain a GPS-tracking warrant, the GPS Act mandates that law enforcement would have to have probable cause first before gathering geolocation data on a U.S. citizen. The need of a warrant would be waived, however, in instances of emergency, national security situations, or theft or fraud. Furthermore, the GPS Act would create criminal penalties for anyone who uses a GPS device to track a person’s movements.

The bill seeks to eliminate ambiguity in the law regarding GPS devices. Earlier this year, the Supreme Court ruled that police must obtain a warrant before placing a GPS tracking device on a suspect’s vehicle. However, the Court did not clarify whether a warrant was needed to obtain geolocation data that was already collected through a person’s GPS-enabled gadgets.

“Because the law has not kept up with the pace of innovation, it makes sense to include the GPS Act’s requirement that law enforcement obtain a warrant for GPS tracking in the Cybersecurity Act. This will protect Americans’ location information from misuse,” Wyden said in a statement. “Part of the goal of the cybersecurity legislation is to update rules for information collection and privacy for the digital age, which is what the GPS Act is all about.”

The Cybersecurity Act of 2012 (CSA2012) would allow for greater sharing of “cyber threat data” between the U.S. government and businesses. Unlike earlier iterations of the bill — and also unlike the contentious Cyber Intelligence Sharing and Protection Act — CSA2012 forbids the government from sharing the data with military organizations, like the National Security Agency, which often operate secretively.

CSA2012 would also create an incentives program for businesses who operate critical infrastructure networks, like electric grids, to incentivize the establishment of greater cybersecurity measures. A new agency would also be created to oversee the implementation of such measures.

Despite changes to CSA2012 that made the legislation more palatable to civil liberty advocats, the Electronic Frontier Foundation (EFF) still opposes the bill on the grounds that it would give companies like Internet service providers the ability to monitor the activity of their users, or block privacy-protecting technologies like Tor or VPNs.

Debate on CSA2012 is expected to begin today, with a vote set for later this week. It is not yet clear whether the GPS Act, which was first unveiled last year, will be adopted into the CSA 2012 legislation.